Corporate policies regarding insider trading and employee and business partner obligations with respect to nonpublic information need to be reevaluated in light of recent, high profile SEC enforcement actions.

Both public and private companies have historically adopted employee policies prohibiting the disclosure of confidential company information and, in the case of public companies, restricting trading in the company's stock. Companies also routinely enter into confidentiality agreements or nondisclosure agreements (NDA) with outside contractors and business partners to protect proprietary information and trade secrets.

Traditional theories of insider trading involve either a corporate insider trading in securities of her own corporation based on material non-public information or so-called "misappropriation"--trading while in knowing possession of material non-public information gained in violation of a fiduciary duty to its source. However, recent high-profile cases have pushed insider-trading far beyond these traditional fact patterns.

Companies face serious legal and reputational risk from misuse of confidential information for insider trading purposes. Traditional policies, standard NDA forms and existing employee training programs may no longer be adequate and should be reviewed in light of recent developments.

The SEC's insider trading action against Mark Cuban, owner of the Dallas Mavericks, raised the question of whether a confidentiality agreement created an obligation not to trade on the basis of the confidential information. In that case, the CEO of Mamma.com allegedly prefaced his conversation with Cuban, the company's largest shareholder, by telling Cuban that the information was confidential and securing Cuban's agreement to keep the information confidential before telling him. The SEC and Cuban are litigating the possible distinction between an agreement to keep information confidential and an agreement not to trade.

The lesson of the Cuban case is that confidentiality agreements and NDAs need to explicitly prohibit the recipient of information from trading or otherwise using the information for its own benefit. The agreements should also contain an acknowledgment that third parties may be "insiders" who are gaining material nonpublic information for purposes of the securities laws.

The SEC's enforcement actions relating to Galleon Management, LP, including claims against founder Raj Rajaratnam, involve hedge funds allegedly paying industry sources for bits of arguably nonmaterial information to create a "mosaic" of the company. In the Galleon cases, questions include whether a company employee or consultant was breaching a fiduciary duty to the company in providing such "bits" of information and whether company policy prohibited the dissemination of such information, even if the information is arguably not material.

Needless to say, it is very disturbing, from the employer's perspective, for a hedge fund to be paying its employees for information about the employer and its business without the employer's knowledge, even if the information is arguably not material. Company polices and confidentiality agreements need to explicitly prohibit employees from ever receiving compensation for consulting with a third party or otherwise providing information about the company without the company's prior written authorization. In addition, the policies and confidentiality agreements need to provide a robust description of confidential information to make clear that the protected information extends beyond financial results and extraordinary events to include all nonpublic company information, such as sales data, new product developments, order backlog, joint ventures, regulatory matters and personnel changes.

Finally, the "expert network" cases addressed allegations that consultants for an "expert networking" firm, in return for consulting fees, improperly provided hedge funds and other investors with material non-public information regarding several publicly held technology companies, including companies other than those that employed them. This risk of disclosure of nonpublic information about other companies is particularly relevant in the technology sector and other industries where commercial collaboration, outsourcing and supply chain integration is common.

To protect against the risk of insider trading based on nonpublic information about other companies, corporate policies and confidentiality agreements should prohibit disclosure of material nonpublic information about other companies obtained in the course of employment and should prohibit employees from trading in the stock of the company's business partners while in possession of material nonpublic information.

Finally, appropriate training of employees about the expanded policies and the risks of sharing nonpublic information is essential to establish the desired culture of compliance. Although nothing may deter the determined rogue employee, appropriate policies, confidentiality agreements and training programs will mitigate the reputational harm and legal risk to the company.

This column is the fifth in a series of articles on the impact of increasing and evolving governmental regulation and reform in the corporate governance arena.